Message-Id: <201209242353.54353.geissert@debian.org>
Date: Mon, 24 Sep 2012 23:53:53 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Cc: George Argyros <argyros.george@...il.com>,
 Aggelos Kiayias <aggelos@...yias.com>,
 Vladimir Vorontsov <vladimir.vorontsov@...ec.ru>,
 gifts <gifts.antichat@...il.com>,
 Anthony Ferrara <ircmaxell@...il.com>,
 Pierre Joye <pierre.php@...il.com>
Subject: Re: Randomness Attacks Against PHP Applications

On Sunday 23 September 2012 00:14:47 Solar Designer wrote:
> > I agree too that education is important. This is something that we
> > came to an agreement with the PHP team (for example that additional
> > information is needed on the mt_rand manual). However, as pointed out
> > nothing has changed yet (the conversations between us and the PHP team
> > took place in March/April).
>
> Did PHP 5.4's change of session IDs (vs. 5.3's) occur before or after
> your conversations with them?

If you are referring to using /dev/urandom for entropy by default, it was
changed because of:
https://bugs.php.net/bug.php?id=51436
in 2010.

Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net